Privacy

This privacy policy sets out how AMEE uses and protects any information that you give AMEE when you use this website.

Who we are
The Association for Medical Education in Europe (AMEE) is a worldwide organisation with members in 90 countries on five continents. Members include teachers, educators, researchers, administrators, curriculum developers, deans, assessors, students and trainees in medicine and the healthcare professions.

AMEE promotes international excellence in education in the healthcare professions across the continuum of undergraduate, postgraduate and continuing education. AMEE, working with other organisations, supports teachers and institutions in their current educational activities and in the development of new approaches to curriculum planning, teaching and learning methods, assessment techniques and educational management, in response to advances in medicine, changes in healthcare delivery and patient demands and new educational thinking and techniques.

AMEE is a membership organisation that helps teachers, doctors, researchers, administrators, curriculum developers, assessors and students keep up to date with developments in the rapidly changing world of medical and healthcare professions education.

This Privacy Policy applies to all of AMEE’s activities and initiatives, including:

The AMEE Secretariat is based at the University of Dundee, 12 Airlie Place, Dundee DD1 4HJ. We are a charity registered in Scotland (SC031618) regulated by the Scottish Charity Regulator (OSCR).

Purpose
This Privacy Policy explains when and why we collect personal information about our members and other people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

AMEE is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy policy.

Our commitment
AMEE is fully committed to handling personal information in accordance with data protection legislation and data protection and information security best practices. This means that your personal information will be:

Processed lawfully, fairly, and in a transparent manner

Collected for specified, explicit and legitimate purposes

Only collected so far as required for our lawful purposes

As accurate and up to date as possible

Retained for a reasonable period of time, in accordance with retention policies

Processed in a manner which ensures an appropriate level of security

Whether through this policy or otherwise, we hope to ensure that everyone has a good understanding of why we process personal information and, where we do, the rights they may have.

How do we collect personal information?
We collect information about you in a central database when you use any of the following AMEE websites; AMEE, MedEdPublish, MedEdWorld, to, for example, enquire about membership, committees, conferences, courses, events or if you register to receive our newsletter. In addition, like most organisations that handle personal information, there are various ways in which we collect information from the people we deal with.

Email and written correspondence

Telephone discussions

Social media

Application forms and other information requests

Direct contact at our office, events and elsewhere.

In nearly all instances, it will be obvious to you when we are collecting your personal data.

What personal information do we collect?

We collect information about you when you register with us or place an order for products or services. We also collect information when you voluntarily complete surveys and provide feedback. Website usage information is collected using cookies. The personal information most commonly collected includes:

for visitors to our website – your IP address, and information regarding what pages are accessed and when

other information relevant to customer surveys and/or offers

records of enquiries, meetings and other direct engagement

copies of physical and electronic correspondence

If you make a purchase from the AMEE online shop via our website, your card information is not held by us. It is collected by a third-party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions

How is your information used?
We collect information about you to process your order, manage your membership and, if you agree, to email you about other products and services we think may be of interest to you. We use your information collected from the website to personalise your repeat visits to our website. If you agree, we shall pass on your personal information internally to other parts of AMEE, including publications and initiatives, so that they may offer you their products and services. AMEE will not share your information for marketing purposes with companies outside of our organisation. Third parties commissioned by AMEE, such as Conference Organisers, will not share your personal information without your express permission. We may use your information to:

keep our membership listing up to date

carry out our obligations arising from any contracts entered into by you and us

seek your views or comments on the courses or services we provide in order that we can improve our products or services

notify you of changes to our events, courses or services

send you communications which you have requested and that may be of interest to you. These may include information about events, conferences, or promotions delivered by AMEE. We may also include in our communications information about events, conferences, or promotions we think will further our charitable objectives.

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example compliance with the requirements of HMRC or the charities regulator). We will hold your personal information on our systems for as long as is necessary for the relevant activity, such as membership or for the administration of courses and events that we offer, or for as long as is set out in any relevant contract you hold with us.

What is the lawful basis for AMEE’s processing activities?
We will only process personal information where we believe we have a lawful basis to do so. The basis for processing will vary from activity to activity. In some instances, processing may have more than one lawful basis.

The following information below summarises the basis on which we process personal information.

Lawful Basis

Examples of processing activities

Processing is necessary for us to meet our legitimate interests as a provider of certain services to our members, including:

the maintenance of our membership database, and delivery of services we provide to our members, individuals enrolled on our courses and attendees at our events

General administration for maintaining our membership database

Corresponding with members in respect of the delivery of our services within the terms of our conditions of membership

Regulatory activity (e.g. complying with the requirements of the Office of the Scottish Charity Register (OSCR), and fulfilling our responsibilities with regard to applicable legislation)

Independent review of abstracts submitted for conferences, applications for Fellowship and Associate Fellowship and papers submitted for consideration for publication.

Delivery of educational courses, including collaboration with our international tutors

Providing members with relevant news and updates which may be of interest to them

Providing members, individuals enrolled on our courses and attendees at our events with relevant news and updates, marketing and other information.

Use of financial, personal or sensitive information relevant to the delivery of services provided to our members / customers.

Processing is necessary for the performance of a contract with our staff members, individuals enrolled on our courses or suppliers.

Processing is necessary for the purposes of carrying out our obligations as a data controller with respect:

our staff members in the field of employment; and

where we use third party suppliers for processing data, such as maintenance of our website, online services and administration of conferences and other events.

Do we share personal data with third parties?
We will not sell or rent your information to third parties and we will not share your information with third parties for marketing purposes. In certain circumstances the processing activities set out above will require us to share personal information with approved international partners and collaborators for the administration of our group activities, including:

distribution of submissions to our body of academics, researchers and international collaboration centres for the independent evaluation

for the purposes of delivering our educational courses

for the administration of our international events, conferences and seminars

Whenever we share personal data, we take all reasonable steps to ensure it will be handled appropriately and securely by the third party. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

When you are accessing the AMEE secure online shop via our website, your transaction is processed by our third-party payment processor, Worldpay, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.

We may transfer your personal information to a third party if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our members and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

The following is a list of the main third parties with whom we share personal information:

Oversight regulators and statutory bodies (e.g. HMRC and OSCR).

Software providers which allow us to operate efficient digital processes

Our approved events management partners as part of the organisation and administration of our conferences and seminars

Academics and researchers who provide valuable input into the delivery and design of our products and services

For practical reasons, this is an indicative, but not exhaustive list. Please also note that the list may be updated from time to time.

How long do we retain personal information?
The periods for which we retain personal information depends on the purpose for which the information was obtained but, in general terms, we will retain personal data for so long as required by law, or as may be required for record keeping and legal claims purposes.

Where do we store personal information?
Information which you provide to us will ordinarily be stored on our secure servers. However, we do work with third party contractors, some of whom host and operate certain features of the website. By submitting personal information, you agree to this storing and processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Personal information is mostly processed by our staff at our Secretariat in Dundee. To allow us to operate efficient digital processes, we need to store data in secure servers which are owned by Dundee University or on secure servers linked to cloud based services all of which are located in the EEC. We also work with third party contractors, some of whom host and operate certain features of the website. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the European Economic Area in this way, we will take all steps reasonably necessary to ensure that appropriate security measures are put in place with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

To ensure that your personal information does receive an adequate level of protection we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection: For example a binding data sharing agreement which includes data access, data security and information sharing clauses. If you require further information about these protective measures, you can request it using the contact details below.

IP addresses
We may collect information about the computer or device which is used to access our website. We use this information to improve the user experience and to help us better understand the ways in which our website is used. This may include information about:

The computer or device type.

IP address.

Operating system.

Browser type and version.

Time zone setting and browser plug-in types and versions.

This is statistical data about our users' browsing actions and patterns. It is collected on an anonymous, aggregated basis, and does not identify individual users.

Security precautions in place to protect the loss, misuse or alteration of your information
We are committed to ensuring that your information is secure. When you give us personal information, we take steps to ensure that it’s treated securely in order to prevent unauthorised access or disclosure. We have put in place suitable physical, technical and organisational procedures to safeguard and secure the information we collect. Any personal information submitted on our website is encrypted and protected with the following software 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear on the URL bar of the web browser such as Microsoft Internet Explorer, or the web address will start https://

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Profiling
We may analyse the personal information which you have submitted to create a profile of your interests and preferences so that we can contact you with information relevant to you. We do not make use of additional information about you from external sources.

Cookies

Our website makes use of cookie files to distinguish you from other users of our site, to provide you with a bespoke user experience tailored to your individual preferences. A cookie file (a small file of letters and numbers) will be placed on your computer or other access device each time you visit our site.

We also use analytical cookie files. These allow us to recognise and count the number of visitors to our site and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily.

If you wish to delete any such cookie files, please refer to the instructions for your file management software to locate the file or directory that stores cookies. Our cookies will contain the domain name amee.org within the file name.

You may refuse to accept cookie files when visiting our site, by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you choose this setting, you may not get an optimal web site experience and be unable to access certain parts of our site.

Other Websites

Our website and emails may contain links to other websites, such as other medical education associations or carefully selected useful databases or partner organisations. We are not responsible for the content or practices of these other sites and we recommend that you check their own privacy policies.

Your rights where we are processing your information
The UK and EU data protection legislation gives certain rights to UK and EU citizens whose information is being collected by AMEE and processed by our approved partners. The following is a quick summary of these rights:

Access to your information – you have the right to request a copy of the personal information about you that we hold. If you would like a copy of some or all of your personal information, please email or write to us at the address shown at below.

Correcting your information – we want to make sure that your personal information is accurate, complete, and up to date, and so you may ask us to correct any personal information about you that you believe does not meet these standards.

Deletion of your information – you have the right to ask us to delete personal information about you where:

You consider that we no longer require the information for the purposes for which it was obtained

We are using that information with your consent and you have withdrawn your consent – see ‘withdrawing consent to using your information’ below.

You have validly objected to our use of your personal information – see ‘objecting to how we may use your information’ below.

Our use of your personal information is contrary to law or our other legal obligations.

Objecting to how we may use your information – you have the right at any time to require us to stop using your personal information for marketing or newsletter purposes. In addition, where we use your personal information to perform tasks carried out in the public interest, or in exercising official authority vested in us then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.

Restricting how we may use your information – in some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold, or assessing the validity of any objection you have made to our use of your information. The right might also apply if we no longer have a basis for using your personal information but you don't want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims, or where there are other public interest grounds to do so.

Withdrawing consent using your information – where we use your personal information with your consent, you may withdraw that consent at any time, and we will stop using your personal information for the purpose(s) for which consent was given.

Please contact us in any of the ways set out in the ‘contact information and further advice’ section if you wish to exercise any of these rights.

Changes to our privacy policy
We keep this policy under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained by emailing [email protected] or in writing to our office at:

Your choices
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about the services we offer then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.

We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by contacting us by email: [email protected] or telephone on 01382 381953

Contact information and further advice
If you have any questions which are not covered in this policy, please email us at [email protected] To help us deal with your query as quickly as possible, we recommend that you include the following in the email subject ‘GDPR Data Request’. If you would prefer to submit your questions in writing, please write to us at AMEE, 12 Airlie Place, Dundee DD1 4HJ, United Kingdom addressing your letter to ‘GDPR Data Request, AMEE Secretary.

Complaints
While we seek to resolve directly all complaints about how we handle personal information, you also have the right to lodge a complaint with the Information Commissioner's Office, whose contact details are as follows: